Question on Root Certificate

Hi,

In the “TLS in Kubernetes - Certificate Creation” lecture, I understand that the root certificate (e.g. "ca.crt" file) needs to be specified in "--trusted-ca-file" field for the ETCD server, so that it can verify its client.

At the 8:45 mark, it seems like the API server is trying to achieve the same objective via the "--client-ca-file". However, in this case, it is using the "ca.pem" file, which is different from the "ca.crt" file generated in the beginning of the lecture (e.g. it has actually never appeared in this lecture until this point).

Are both "ca.pem" and "ca.crt" referring to the same root certificate in this case?

Thank you.

In this configuration, they do appear to be the same CA cert. This is not generally the case; very often etcd and kube-apiserver use different CAs.

Thank you for the confirmation Rob!
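
Whether the file behind `--client-ca-file` and the one behind `--trusted-ca-file` hold the same root certificate can be checked by comparing fingerprints of the decoded certificates rather than file names or extensions. The sketch below is an added example, not code from the lecture or from the posts above. The function names are hypothetical and the certificate bodies are constructed stand-in bytes, not real certificates.

```python
import base64
import hashlib
import re

# Matches each certificate block in a PEM file or bundle.
_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def ca_fingerprints(pem_text):
    """Return the SHA-256 fingerprints of every certificate in a PEM bundle.

    The hash is taken over the decoded DER bytes, so file name, extension,
    line wrapping and surrounding comments do not affect the result.
    """
    prints = set()
    for body in _CERT_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.add(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no PEM certificate found (file may be DER or empty)")
    return prints

def same_ca_set(pem_a, pem_b):
    """True only if both files contain exactly the same set of certificates."""
    return ca_fingerprints(pem_a) == ca_fingerprints(pem_b)

def _fake_pem(der, width=64, comment=""):
    """Constructed helper: wrap bytes as a PEM block (stand-in, not a real cert)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return (comment + "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample data; on a real node, read the actual files from disk.
ROOT_A = bytes(range(200))
ROOT_B = bytes(reversed(range(200)))
CA_CRT = _fake_pem(ROOT_A)                                   # stands in for ca.crt
CA_PEM = _fake_pem(ROOT_A, width=76, comment="# root CA\n")  # stands in for ca.pem
ETCD_CA = _fake_pem(ROOT_B)                                  # a separate etcd CA

if __name__ == "__main__":
    print("ca.crt vs ca.pem :", same_ca_set(CA_CRT, CA_PEM))
    print("ca.crt vs etcd CA:", same_ca_set(CA_CRT, ETCD_CA))
```

Because a CA file may be a bundle, the comparison is over the full set of certificates, so a file that trusts an extra CA is reported as different.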